audit su - access

Maria Tsiolakki tmaria at cs.ucy.ac.cy
Fri Apr 21 13:00:54 UTC 2017


Hello,

We have set up the audit log on a Red Hat Linux 7.3 machine.
We have set up various rules, so far successfully. Our last requirement
is to have an audit log when a user executes su - or su - root, or sudo su.
I wrote the following rule, but it does not work:
-a always,exit -S su -F auid>=200 -F auid!=4294967295 -F key=su-execution
How can I audit log the execution of the su command?

Best regards
Maria
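
The rule quoted in the message above, next to a path-based form that matches execution of the su binary (an added example, not part of the original post or of any reply on the list). The paths /usr/bin/su and /usr/bin/sudo are assumed to be the RHEL 7 locations and should be confirmed with `command -v su`; the auid threshold and key are the poster's own.

```conf
## /etc/audit/rules.d/su.rules  (file name is an assumption for this example)

## Rule from the post, left commented out.
## -S takes a system call name or number (execve, open, ...).
## "su" is a program, not a system call, so it cannot be named with -S.
# -a always,exit -S su -F auid>=200 -F auid!=4294967295 -F key=su-execution

## Path-based form: record every execute access to the su binary.
## perm=x limits the match to execution, so reads of the file are not logged.
## auid is the login UID; it does not change across su or sudo, so the
## record still identifies the account that originally logged in.
## auid!=4294967295 skips processes with no login UID set (daemons, boot).
-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=200 -F auid!=4294967295 -F key=su-execution

## "sudo su" executes sudo first and su second. The rule above already
## fires when sudo runs su; this one also records the sudo invocation.
-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=200 -F auid!=4294967295 -F key=su-execution

## Shorter watch syntax equivalent to the su rule, without the auid filters:
# -w /usr/bin/su -p x -k su-execution
```

After loading the rules, `auditctl -l` lists what the kernel accepted and `ausearch -k su-execution -i` shows the matching records with UIDs translated to names.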

More information about the Linux-audit mailing list